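@echo off
REM ONE COMMAND to capture credentials properly
REM
REM Starts mitmproxy in a separate console window, then spawns the target app
REM under Frida with the three hook scripts that sit next to this file.
REM Flows are written to %CAPTURE_FILE% in the script directory.
REM
REM Handling notes:
REM   - The capture file stores request headers and bodies in clear text, so it
REM     will contain bearer tokens and any login credentials typed into the
REM     app. Keep it out of version control and shared folders, and delete it
REM     (and log the account out / rotate the password) once analysis is done.
REM   - "-w" replaces an existing file of the same name, so a previous capture
REM     is lost on every run. mitmproxy appends only when the path is prefixed
REM     with "+" - TODO confirm against the installed mitmproxy version.
REM   - mitmproxy listens on all interfaces unless --listen-host is given, so
REM     any host that can reach the port can send traffic through the proxy.
REM     NOTE(review): bind to a single address if the device reaches the proxy
REM     over loopback / adb reverse - depends on how the Frida scripts route
REM     traffic, which is not visible from this file.

REM Delayed expansion stays off so the "!" in the banner text prints literally.
setlocal DisableDelayedExpansion

set "PROXY_PORT=8080"
set "CAPTURE_FILE=canadapost_traffic.mitm"
set "APP_ID=com.canadapost.android"

echo.
echo ====================================================
echo CREDENTIAL CAPTURE - ONE COMMAND
echo ====================================================
echo.
echo This script will:
echo 1. Start mitmproxy to capture traffic
echo 2. Launch the app with Frida proxy forcing
echo 3. Show you Authorization headers and tokens
echo.
echo Keep both windows visible to see traffic!
echo.
echo STEP 1: Read mitmproxy output below
echo ====================================================
echo.

REM Run from the script directory so the relative .js and capture paths resolve.
REM "||" tests the real result of cd instead of a stale ERRORLEVEL.
cd /d "%~dp0" || goto :err_cd

REM Preflight: without these checks a missing tool only shows up as an error in
REM a window the operator may not be watching, and the session looks "empty".
where /q mitmproxy || goto :err_mitmproxy
where /q frida || goto :err_frida

set "MISSING="
for %%F in (frida_simple_bypass.js intercept_http_traffic.js extract_live_credentials.js) do if not exist "%%F" set "MISSING=%%F"
if defined MISSING goto :err_script

REM Start mitmproxy in background
start cmd /k "title mitmproxy & mitmproxy -p %PROXY_PORT% -w %CAPTURE_FILE% -v"

REM Give mitmproxy time to start. This is a fixed delay, not a readiness check:
REM on a slow machine the app may launch before the proxy is listening.
timeout /t 3 >nul

echo.
echo ====================================================
echo STEP 2: App launching with Frida...
echo ====================================================
echo.
echo When you see the app login screen:
echo 1. Log in with credentials (or skip)
echo 2. Go to "Track a Package"
echo 3. Enter any package number
echo 4. WATCH mitmproxy window for traffic!
echo.
echo Look for:
echo - POST /oauth/oauth20/token (login)
echo - GET /mgw/trackpackage (tracking API)
echo - Authorization: Bearer eyJ... (THE JUICE!)
echo.
echo ====================================================
echo.

REM Launch app with all Frida scripts
frida -U -f %APP_ID% -l frida_simple_bypass.js -l intercept_http_traffic.js -l extract_live_credentials.js
set "FRIDA_RC=%errorlevel%"

echo.
echo [*] App session ended
if not "%FRIDA_RC%"=="0" echo [-] frida exited with code %FRIDA_RC% - the capture may be incomplete
echo [*] mitmproxy window should still be running
echo [*] Close mitmproxy (Ctrl+C) when done capturing
echo [*] Then run: python extract_creds.py %CAPTURE_FILE%
echo.
pause
exit /b %FRIDA_RC%

:err_cd
echo [-] Cannot change to the script directory 1>&2
goto :fail

:err_mitmproxy
echo [-] mitmproxy was not found on PATH 1>&2
goto :fail

:err_frida
echo [-] frida was not found on PATH 1>&2
goto :fail

:err_script
echo [-] Missing Frida script: %MISSING% 1>&2
goto :fail

:fail
pause
exit /b 1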